TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center

SECOM Dr.ID Attendance system - Unrestricted File Upload

TVN ID: TVN-202408006
CVE ID: CVE-2024-7732
CVSS: 8.8 (High), CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products: Dr.ID Attendance system before version 3.5.0.0.0.5
Description: Dr.ID Attendance System from SECOM does not properly validate the type of uploaded files. A remote attacker with regular privileges can upload a web shell to the web directory and use it to execute arbitrary code on the remote server.
Solution: Update Dr.ID Attendance System to version 3.5.0.0.0.5 or later.
Credit: Cyku Hong (DEVCORE)
Public Date: 2024-08-13
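
As an added illustration of the weakness class named in the description (this is not SECOM's code, and the advisory does not describe the product's implementation), the Python routine below allow-lists uploads by extension and leading bytes and stores them under a server-chosen name in a directory outside the web root. The allowed types, size limit, and all function and parameter names are assumptions.

```python
import os
import secrets
from pathlib import Path

# Assumed policy: only image/PDF attachments; extension -> required leading bytes.
ALLOWED = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
    ".pdf": b"%PDF-",
}
MAX_BYTES = 5 * 1024 * 1024  # assumed size limit


class UploadRejected(ValueError):
    """Raised when an upload fails validation."""


def store_upload(client_name: str, data: bytes, upload_dir: Path, web_root: Path) -> Path:
    """Validate an upload and store it under a random name outside web_root."""
    upload_dir, web_root = upload_dir.resolve(), web_root.resolve()
    if upload_dir == web_root or web_root in upload_dir.parents:
        raise UploadRejected("upload directory must not be served by the web server")
    if len(data) > MAX_BYTES:
        raise UploadRejected("file too large")
    # Only the final extension of the base name counts; it must be allow-listed.
    base = os.path.basename(client_name.replace("\\", "/"))
    ext = os.path.splitext(base)[1].lower()
    magic = ALLOWED.get(ext)
    if magic is None:
        raise UploadRejected(f"extension {ext!r} not allowed")
    if not data.startswith(magic):
        raise UploadRejected("content does not match declared type")
    # The client-supplied name never reaches the filesystem.
    upload_dir.mkdir(parents=True, exist_ok=True)
    dest = upload_dir / (secrets.token_hex(16) + ext)
    with open(dest, "xb") as fh:  # "x": fail instead of overwriting
        fh.write(data)
    os.chmod(dest, 0o640)  # stored file is never executable
    return dest
```

Checking leading bytes does not stop polyglot files; what prevents a stored file from being requested and executed is keeping the storage directory out of the served tree and never reusing the client's file name.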